
Example 1 with AccessRuleType

use of iso.std.iso_iec._24727.tech.schema.AccessRuleType in project open-ecard by ecsec.

the class CIFCreator method createRuleTrue.

/**
 * Builds an access rule for one action of the "NamedDataService" service.
 *
 * <p>The rule's security condition comes from {@code createTrueCond()}.
 * NOTE(review): presumably that is an always-satisfied condition, so the rule
 * places no restriction on the action; confirm against createTrueCond and make
 * sure callers use it only for actions that are meant to be unrestricted.
 *
 * @param actionName the NamedDataService action the rule applies to
 * @return a new rule with service name, action and security condition set
 */
private AccessRuleType createRuleTrue(NamedDataServiceActionName actionName) {
    AccessRuleType accessRule = new AccessRuleType();
    accessRule.setCardApplicationServiceName("NamedDataService");

    // Attach the action first, then the condition guarding it.
    accessRule.setAction(createAction(actionName));
    accessRule.setSecurityCondition(createTrueCond());

    return accessRule;
}
Also used : AccessRuleType(iso.std.iso_iec._24727.tech.schema.AccessRuleType)

Example 2 with AccessRuleType

use of iso.std.iso_iec._24727.tech.schema.AccessRuleType in project open-ecard by ecsec.

the class CIFCreator method createRuleTrue.

/**
 * Builds an access rule for one action of the "DifferentialIdentityService" service.
 *
 * <p>The rule's security condition comes from {@code createTrueCond()}.
 * NOTE(review): presumably that is an always-satisfied condition, so the rule
 * places no restriction on the action; confirm against createTrueCond and make
 * sure callers use it only for actions that are meant to be unrestricted.
 *
 * @param actionName the DifferentialIdentityService action the rule applies to
 * @return a new rule with service name, action and security condition set
 */
private AccessRuleType createRuleTrue(DifferentialIdentityServiceActionName actionName) {
    AccessRuleType accessRule = new AccessRuleType();
    accessRule.setCardApplicationServiceName("DifferentialIdentityService");

    // Attach the action first, then the condition guarding it.
    accessRule.setAction(createAction(actionName));
    accessRule.setSecurityCondition(createTrueCond());

    return accessRule;
}
Also used : AccessRuleType(iso.std.iso_iec._24727.tech.schema.AccessRuleType)

Example 3 with AccessRuleType

use of iso.std.iso_iec._24727.tech.schema.AccessRuleType in project open-ecard by ecsec.

the class CIFCreator method createPinDID.

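/**
 * Builds the PinCompare DID description for the token of the current session.
 *
 * <p>The DID is named {@code PIN_NAME}, has global scope and carries a PinCompare
 * marker. When the middleware token info can be read, the marker's password
 * attributes hold the minimum and maximum PIN length reported by the token;
 * otherwise the marker is built without password attributes and a warning is logged.
 *
 * <p>The DID's ACL holds rules from {@code createRuleTrue} for ACL_LIST, DID_LIST,
 * DID_GET and DID_AUTHENTICATE.
 *
 * @return the populated DID info object
 * @throws WSMarshallerException declared by this method; presumably raised while
 *         the marker is built (confirm against PinMarkerBuilder)
 */
private DIDInfoType createPinDID() throws WSMarshallerException {
    LOG.debug("Creating PinCompare DID object.");
    DIDInfoType di = new DIDInfoType();
    // create differential identity
    DifferentialIdentityType did = new DifferentialIdentityType();
    di.setDifferentialIdentity(did);
    did.setDIDName(PIN_NAME);
    did.setDIDProtocol("urn:oid:1.3.162.15480.3.0.9");
    did.setDIDScope(DIDScopeType.GLOBAL);
    // create pin compare marker
    PinMarkerBuilder markerBuilder = new PinMarkerBuilder();
    KeyRefType kr = new KeyRefType();
    // value is irrelevant
    kr.setKeyRef(new byte[] { 0x01 });
    markerBuilder.setPinRef(kr);
    try {
        PasswordAttributesType pw = new PasswordAttributesType();
        MwToken tok = session.getSlot().getTokenInfo();
        long minPinLen = tok.getUlMinPinLen();
        // Read the maximum from its own field. Reading the minimum twice made
        // max == min, so any consumer enforcing these bounds would treat the
        // PIN as fixed-length at the minimum size.
        long maxPinLen = tok.getUlMaxPinLen();
        pw.setMinLength(BigInteger.valueOf(minPinLen));
        pw.setMaxLength(BigInteger.valueOf(maxPinLen));
        markerBuilder.setPwAttributes(pw);
    } catch (CryptokiException | NullPointerException ex) {
        // Best effort: the DID is still created, only without PIN length bounds.
        // NOTE(review): catching NullPointerException hides whether the session,
        // the slot or the token info was missing; explicit null checks would be clearer.
        LOG.warn("Unable to read min and max PIN length from middleware.", ex);
    }
    // wrap pin compare marker and add to parent
    PinCompareMarkerType marker = markerBuilder.build();
    DIDMarkerType markerWrapper = new DIDMarkerType();
    markerWrapper.setPinCompareMarker(marker);
    did.setDIDMarker(markerWrapper);
    // create acl
    AccessControlListType acl = new AccessControlListType();
    di.setDIDACL(acl);
    List<AccessRuleType> rules = acl.getAccessRule();
    rules.add(createRuleTrue(AuthorizationServiceActionName.ACL_LIST));
    rules.add(createRuleTrue(DifferentialIdentityServiceActionName.DID_LIST));
    rules.add(createRuleTrue(DifferentialIdentityServiceActionName.DID_GET));
    rules.add(createRuleTrue(DifferentialIdentityServiceActionName.DID_AUTHENTICATE));
    return di;
}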
Also used : KeyRefType(iso.std.iso_iec._24727.tech.schema.KeyRefType) PasswordAttributesType(iso.std.iso_iec._24727.tech.schema.PasswordAttributesType) AccessControlListType(iso.std.iso_iec._24727.tech.schema.AccessControlListType) PinMarkerBuilder(org.openecard.mdlw.sal.didfactory.PinMarkerBuilder) DIDMarkerType(iso.std.iso_iec._24727.tech.schema.DIDMarkerType) DifferentialIdentityType(iso.std.iso_iec._24727.tech.schema.DifferentialIdentityType) PinCompareMarkerType(iso.std.iso_iec._24727.tech.schema.PinCompareMarkerType) DIDInfoType(iso.std.iso_iec._24727.tech.schema.DIDInfoType) CryptokiException(org.openecard.mdlw.sal.exceptions.CryptokiException) AccessRuleType(iso.std.iso_iec._24727.tech.schema.AccessRuleType)

Example 4 with AccessRuleType

use of iso.std.iso_iec._24727.tech.schema.AccessRuleType in project open-ecard by ecsec.

the class CIFCreator method getCertificateDatasets.

/**
 * Describes every certificate of the current session as a data set.
 *
 * <p>Each data set is named after the certificate's label, gets a placeholder
 * path and an ACL with {@code createRuleTrue} rules for ACL_LIST, DSI_READ,
 * DSI_LIST and DATA_SET_SELECT.
 * NOTE(review): the label is taken from the certificate object as is;
 * presumably it originates from the token, so consumers should treat it as
 * untrusted display data. Confirm against MwCertificate.
 *
 * @return one data set description per certificate, in the order the session returns them
 * @throws CryptokiException declared by this method; presumably raised when the
 *         middleware cannot list or read the certificates
 */
private List<DataSetInfoType> getCertificateDatasets() throws CryptokiException {
    List<DataSetInfoType> result = new ArrayList<>();
    for (MwCertificate certificate : session.getCertificates()) {
        // The path value is a placeholder; only its presence matters here.
        PathType placeholderPath = new PathType();
        placeholderPath.setEfIdOrPath(new byte[] { (byte) 0xFF });

        DataSetInfoType dataSet = new DataSetInfoType();
        dataSet.setDataSetName(certificate.getLabel());
        dataSet.setDataSetPath(placeholderPath);

        // The rule list is obtained from the ACL object and filled in place.
        AccessControlListType accessList = new AccessControlListType();
        dataSet.setDataSetACL(accessList);
        List<AccessRuleType> accessRules = accessList.getAccessRule();
        accessRules.add(createRuleTrue(AuthorizationServiceActionName.ACL_LIST));
        accessRules.add(createRuleTrue(NamedDataServiceActionName.DSI_READ));
        accessRules.add(createRuleTrue(NamedDataServiceActionName.DSI_LIST));
        accessRules.add(createRuleTrue(NamedDataServiceActionName.DATA_SET_SELECT));

        result.add(dataSet);
    }
    return result;
}
Also used : PathType(iso.std.iso_iec._24727.tech.schema.PathType) AccessControlListType(iso.std.iso_iec._24727.tech.schema.AccessControlListType) DataSetInfoType(iso.std.iso_iec._24727.tech.schema.DataSetInfoType) ArrayList(java.util.ArrayList) AccessRuleType(iso.std.iso_iec._24727.tech.schema.AccessRuleType)

Example 5 with AccessRuleType

use of iso.std.iso_iec._24727.tech.schema.AccessRuleType in project open-ecard by ecsec.

the class AccessRuleCreator method create.

/**
 * Assembles an access rule from the values configured on this creator.
 *
 * <p>The security condition receives the "always" and "never" values
 * independently, each only when it is non-null.
 * NOTE(review): nothing here rejects a creator with neither value set (the
 * condition stays empty) or with both set; how a consumer evaluates such a
 * condition cannot be told from this method. Confirm with the ACL evaluator.
 *
 * @return a new rule carrying the configured service name, action and security condition
 */
public AccessRuleType create() {
    SecurityConditionType condition = new SecurityConditionType();
    if (securityConditionAlways != null) {
        condition.setAlways(securityConditionAlways);
    }
    if (securityConditionNever != null) {
        condition.setNever(securityConditionNever);
    }

    AccessRuleType accessRule = new AccessRuleType();
    accessRule.setCardApplicationServiceName(serviceName);
    accessRule.setAction(actionNameType);
    accessRule.setSecurityCondition(condition);
    return accessRule;
}
Also used : AccessRuleType(iso.std.iso_iec._24727.tech.schema.AccessRuleType) SecurityConditionType(iso.std.iso_iec._24727.tech.schema.SecurityConditionType)

Aggregations

AccessRuleType (iso.std.iso_iec._24727.tech.schema.AccessRuleType)11 AccessControlListType (iso.std.iso_iec._24727.tech.schema.AccessControlListType)3 DIDInfoType (iso.std.iso_iec._24727.tech.schema.DIDInfoType)2 DIDMarkerType (iso.std.iso_iec._24727.tech.schema.DIDMarkerType)2 DIDStructureType (iso.std.iso_iec._24727.tech.schema.DIDStructureType)2 DifferentialIdentityType (iso.std.iso_iec._24727.tech.schema.DifferentialIdentityType)2 SecurityConditionType (iso.std.iso_iec._24727.tech.schema.SecurityConditionType)2 ArrayList (java.util.ArrayList)2 CryptokiException (org.openecard.mdlw.sal.exceptions.CryptokiException)2 ACLList (iso.std.iso_iec._24727.tech.schema.ACLList)1 ACLListResponse (iso.std.iso_iec._24727.tech.schema.ACLListResponse)1 AlgorithmIdentifierType (iso.std.iso_iec._24727.tech.schema.AlgorithmIdentifierType)1 AlgorithmInfoType (iso.std.iso_iec._24727.tech.schema.AlgorithmInfoType)1 CertificateRefType (iso.std.iso_iec._24727.tech.schema.CertificateRefType)1 CryptoMarkerType (iso.std.iso_iec._24727.tech.schema.CryptoMarkerType)1 CryptographicServiceActionName (iso.std.iso_iec._24727.tech.schema.CryptographicServiceActionName)1 DIDAuthenticationStateType (iso.std.iso_iec._24727.tech.schema.DIDAuthenticationStateType)1 DataSetInfoType (iso.std.iso_iec._24727.tech.schema.DataSetInfoType)1 KeyRefType (iso.std.iso_iec._24727.tech.schema.KeyRefType)1 NamedDataServiceActionName (iso.std.iso_iec._24727.tech.schema.NamedDataServiceActionName)1